Massive data breach hits big retailers, service companies

STEVE CHIOTAKIS: Best Buy, TiVo and Walgreens now join the ranks of other big retailers and service companies affected by a massive data breach at an online direct advertiser. JPMorgan Chase, Citigroup and Kroger came out over the weekend to say their customer information -- mainly names and e-mails -- was lifted from a company called Epsilon.

Ted Julian is a principal analyst at the Yankee Group. He's with us live from Boston. Good morning.

TED JULIAN: Hey good morning Steve.

CHIOTAKIS: Now these are a lot of high-profile companies on the list, how big could this get?

JULIAN: It's a dynamic situation. We're up to over 30 firms that are customers of Epsilon that have disclosed to customers that they may have been impacted. And if you just look at some of the brands that you walk through, it's clear that there's the potential for tens of millions if not hundreds of millions of individuals to have had their emails compromised.

CHIOTAKIS: Why would a company such as, I don't know, Chase or Walgreens, Best Buy, why would they contract promotional emails out to Epsilon. What exactly does Epsilon do?

JULIAN: It's their business to do this and do it well. So there's a couple factors at play.

CHIOTAKIS: Do what though? What do they do?

JULIAN: They help large firms do e-mail marketing, and do that very effectively with lots of analytics so they can back up who they're targeting and how effective those campaigns are.

CHIOTAKIS: Yeah, OK. Because there are so many companies involved, you said 30 plus, and because we see this kind of thing going on all over the place, should we be concerned about this? Like, really worried?

JULIAN: What makes this a little interesting is that the bad guys seemingly will be able to correlate the emails addresses with the brands that the customer recognizes and so, it's not just a generic spam message, but it could be one that's designed to appear that it comes from any of the vendors on this list and they could try to compromise the trust that you have in that brand. And for this reason consumers really should be quite careful about going through their email, even more carefully than usual.